Définitions
Client: refers to the user of the ZIWIT company site, who unreservedly accepts the confidentiality policy, explicitly indicating their wishes when submitting a form on the site.
Article 1 – Object
The ZIWIT company shall apply the enforceable regulation regarding the processing of personal data, and particularly, the regulation 2016/679/EU, referred to as “GDPR” hereunder.
Article 1.2 – Description of the processing of personal data
In the interest of providing the best service to the Customer, the ZIWIT company may collect the following information:
Any information required to meet the Customer’s expectations and needs
Any information about the Customer in order for the ZIWIT company to provide the most appropriate and customized solutions
Subsequent to collecting the data aforementioned, the ZIWIT company shall process these personal data for the following purposes:
Create the customer file of the Customer
Ensure the monitoring, maintenance and management of the service provided to the Customer
Guarantee the best quality of service and the best user experience to the Customer
Create internal statistics intended to improve the communication and the services provided by the ZIWIT company
Article 1.3 – Technical and organizational measures
In order to fully comply with the provisions laid down by the GDPR, the ZIWIT company implemented technical and organizational measures within its structure. These measures particularly include:
The implementation of internal procedures pertaining to the steps to process personal data
The complete deletion of all the data two (2) years upon termination of the contractual relationship between the Customer and the ZIWIT company, in accordance with the conditions mentioned in Article 1.5
The transparency of the collection, the purposes and the processing of the personal data
The implementation of strict security measures to ensure the protection of the persons’ data, particularly:
The storage of all the data in locations whose access is strictly limited to the persons authorized to process them
The implementation of high security standards in order to provide a high security level of the services provided by the ZIWIT company
The encryption of the communications via TLS
The implementation of good IT practices with the ZIWIT company
Carrying out internal audits on a regular basis in order to check the security of the information systems
The implementation of innovative cybersecurity solutions, including the use of the HTTPCS Suite
Article 1.4 – Data transfer
The personal data processed by the ZIWIT company are not transferred to non-Member States of the European Union. However, if a potential transfer outside the territory of the European Union were to happen, the ZIWIT company shall make sure that the third country has appropriate safeguards or an adequacy decision ensuring a data protection in accordance with the GDPR.
In case of transfer of their data to a non-Member State of the European Union, the Customer shall be notified by any means.
Article 1.5 – Period of storage of the personal data
The Customer’s personal data which have been processed by the ZIWIT company shall be stored for the whole contractual period binding the Customer and the ZIWIT company.
The personal data shall be stored for a period of two (2) years upon termination of the contract binding the parties.
Article 1.6 – Processor
Some data may be processed by processors which are all located on the territory of the European Union and comply with the provisions of the GDPR.
The ZIWIT company took all necessary precautions to make sure of the processors’ compliance with the GDPR, particularly by making sure of:
The signature of a processing agreement with each processor
The implementation of strict technical and organizational measures by the processor, in order to guarantee the security of the Customer’s personal data
The regular monitoring of the processor’s compliance with the GDPR
If the ZIWIT company were to transfer some data to a processor not located on the territory of the European Union, it shall notify the Customer by any means as soon as possible.
Article 1.7 – Notification of data breach
Within the meaning of the General Data Protection Regulation, a data breach is the occurrence of a risky situation for the data subjects’ rights and freedoms. This risk is likely to result in a psychological, material or physical damage for the persons, regardless of the cause or consequences of the breach.
If the ZIWIT company were to undergo a data breach, it shall warn the competent supervisory authority at the latest seventy-two (72) hours after acknowledging the breach.
Upon notifying the competent supervisory authority, the ZIWIT company shall also inform the Customer of the situation by any means, by mentioning:
The cause of the data breach
The potential consequences of the breach for the Customer
The security measures considered by the ZIWIT company to make sure that such a situation does not happen again
Article 1.8 – Exercise of the rights of the Customer
In accordance with the General Data Protection Regulation, the Customer has:
a right of access to their data
a right to be forgotten
a right to object
a right to rectification
a right to erasure
a right to portability
a right to restriction
For any request relating to the exercise of their rights, the Customer shall contact the ZIWIT DPO by mail to the following address: Société ZIWIT – DPO Weronika Baran – 40, Avenue Théroigne de Méricourt – 34000 Montpellier – France or by e-mail : legal@ziwit.com
For any request relating to the exercise of their rights on their personal data, the Customer shall enclose a proof of identity.
The ZIWIT company shall deal with the Customer’s request within one (1) month after receiving it.
Article 2 – Cookie policy
When you first log on to the ziwit website, you are warned by a banner at the bottom of your screen that information relating to your browsing may be saved in files called "cookies". Our cookie policy allows you to better understand the provisions that we implement in terms of navigation on our website. In particular, it informs you about all the cookies on our website, their purpose (Article 2.1 and Article 2.2) and gives you the procedure to follow to configure them (Article 2.3).
Article 2.1 - Cookies exempt from consent
In accordance with the recommendations of the National Commission for Informatics and Liberties (CNIL), some cookies are exempt from the prior collection of your consent to the extent that they are strictly necessary for the operation of the website or have the sole purpose of enabling or facilitating communication by electronic means. These include session ID, authentication, load balancing session cookies as well as cookies for customizing your interface. These cookies are fully subject to this policy insofar as they are issued and managed by ZIWIT SAS.
Article 2.2 - Audience measurement cookies
Audience measurement cookies establish statistics concerning the visits and use of various elements of the website (such as the content / pages you have visited). This data helps to improve the ergonomics of the ZIWIT SAS website. An audience measurement tool is used on this website:
Google Analytics: this tool is configured to benefit from the consent exemption
Statistical data is anonymized.
The cookie is valid for one (1) year.
Article 2.3 - You have various tools for configuring cookies
Most Internet browsers are configured by default so that the deposit of cookies is authorized. Your browser offers you the opportunity to modify these standard settings so that all cookies are systematically rejected or that only some cookies are accepted or refused depending on their issuer. Your browser also allows you to delete existing cookies on your terminal or to notify you when new cookies are likely to be placed on your terminal. These settings have no effect on your browsing but make you lose all the benefit provided by the cookie. For more information on the tools for controlling cookies, you can consult the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser (in French).
Ziwit Consultancy ServicesManual audits and Pentests on-site or remotely
